Access API using Service Account - nest-device-access

Does the Smart Device Management API support access using a Service Account? If so what's the magic combo?
I can access the API using registered OAuth2, and get valid device list response.
When using Service Account credentials to access the device list API I get:
{
"error": {
"code": 404,
"message": "Enterprise enterprises/{project-id} not found.",
"status": "NOT_FOUND"
}
}

I think the problem is that google have chosen to cut off the "home project" user. They seem to only support oauth2 auth and if you want to use it you have to get your app certified, otherwise they revoke the refresh token after 7 days. If the refresh token didn't get revoked every 7 days then I'd be happy with oauth2 offline auth. Come on google, support the home hobbyists!

Related

google calendar api send as another user on our domain using service account

I have a service account, and I downloaded the credentials that look like:
{
"installed":{
"client_id":"abc123",
...
}
}
And I go through the procedure of running the node.js based code which attempts to create the token file with getNewAccessToken, and it gives me the prompt:
Authorize this app by visiting this url: https://accounts.google.com/o/oauth2/v2/auth?ac...
When I go to the link, it asks me to log in with my google account.
That sets the token and I can send google calendar events where the calendar id is set to primary (and it is set to be from me) but I can't set the calendar id to John.Smith#mycompany.com
It says
{
"domain": "calendar",
"reason": "requiredAccessLevel",
"message": "You need to have writer access to this calendar."
}
I am not sure how to make it so my service account can be used to send events on behalf of our staff members. Is it because when authorizing I logged in as my account instead of the service account, and if so, how do I authorize as the service account.
Update: I am using the code provided in the google calendar api quickstart guide

Access to Client Credential Flow (2-legged OAuth) of Linkedin API

How to get access to LinkedIn API Client using Client Credential Flow (2-legged OAuth) when my usecase does not fit in one of the LinkedIn partners scope? How/where should I apply to get access? Or does it mean only the 4 usecases in this link can use server-side-only access to LinkedIn (without explicit user authentication)?
Currently, when I try to authenticate and get an access token, I have the following error:
{
"error": "access_denied",
"error_description": "This application is not allowed to create application tokens"
}
My usecase is to save time in our internal process following an interview we had with entrepreneurs. We generate a report and, instead of manually picking their profile information from LinkedIn, we would like to pre-fill the report using the LinkedIn API.
The LinkedIn support redirects to either Stack Overflow for API support or the link above to request access (which is for specific usecases only)
Resources:
- Use of OAUth 2.0 Client Credentials Flow

Accessing a Google Domain's Google Groups from a service account - Keep getting 403 unauthorized

I'm trying to get a list of groups for a domain in Google Api (https://developers.google.com/admin-sdk/directory/v1/reference/groups/list).
I'm using "domain wide delegation", and have a service account from which the web app makes all its requests to Google.
The admin-sdk requires the requesting user to be an administrator, so i'm impersonating a admin user on the given domain.
This works fine with (https://developers.google.com/admin-sdk/directory/v1/reference/users/get), but when I'm trying to use the group api, it fails like this:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "forbidden",
"message": "Not Authorized to access this resource/api"
}
],
"code": 403,
"message": "Not Authorized to access this resource/api"
}
}
I have checked the the permissions from the domain administrator have been delegated to the service account. And I have also checked that i can access the list of groups, while being logged in as the domain administrator.
Any help or hints is highly appreciated.
Thanks in advance
You will need to add the scope for reading groups.
First, make sure that you properly followed the steps here in this documentation including this steps on how to Instantiate an Admin SDK Directory service object.
It is important because this one shows you how to make API requests using OAuth 2.0 and your service account's credentials to perform Google Apps Domain-wide delegation.
For more information, check these related SO questions:
Google_Service_Directory - (403) Not Authorized to access this resource/api
Received error “Not Authorized to access this resource/api” when trying to use Google Directory API and Service Account Authentication

Gitkit token service API returns 403 "cannot be identified with a client project" error

I am currently trying to use the Google Identity Toolkit Token Service REST API (https://developers.google.com/identity/toolkit/reference/securetoken/rest/v1/token) to generate an access token which I can use in my backend server.
When I specifying "authorization_code" as "grant_type" and the gtoken cookie value after authentication as "code" in the POST request to https://securetoken.googleapis.com/v1/token, I get a 403 response with the following error message:
{
"error": {
"code": 403,
"message": "The request cannot be identified with a client project. Please pass a valid API key with the request.",
"status": "PERMISSION_DENIED"
}
}
I inspected the gtoken value via a JWT decoder and it looks to be correct in format. In particular I can see that aud is set to my application/client ID. The documentation doesn't say anything about specifying API key - usually I would expect that to be specified in the Authorization header. So I am not sure what I am missing here.
Any pointer to this matter would be appreciated.
An API key in the URL is required when calling Google Identity Toolkit APIs (including the Token Service API). However, I would suggest you take a look at the new version of the service - Firebase Authentication. The Firebase Auth SDK has build-in support of the Token Service API.

why is google oauth2 playground failing to return data?

I'm learning oauth2 using the google playground, I'm trying this request:
https://www.googleapis.com/youtube/v3/activities?part=snippet
and receiving this response:
{
"error": {
"code": 403,
"message": "Access Not Configured. Please use Google Developers Console to activate the API for your project.",
"errors": [
{
"domain": "usageLimits",
"message": "Access Not Configured. Please use Google Developers Console to activate the API for your project.",
"reason": "accessNotConfigured"
}
]
}
}
on the authorization tab I requested access to all yoututbe v3 api scopes and I granted access upon request. I'm assuming I'm forming the query parameters wrong perhaps? I'm new to oauth and how anything about it works.
I believe you need to use your own oauth clientID and secret for this particular API in the playground. If you click on the gear button on the right top corner and click the check mark on "Use your own credential" in the playground, you should be able to enter yours.
You can get your own OAuth credential by following the instruction here: https://developers.google.com/youtube/registering_an_application
Oh make sure you name your application and provide email under the APIS & AUTH ->Consent screen in the Developer console when you first create you OAuth credential for your project.
And there is one thing missing in your query as well... you need specify a filter as well. See if you can at least get this one working:
GET https://www.googleapis.com/youtube/v3/activities?part=snippet&home=true
I had the same issue, and before I found your question I had posted mine
Apparently Google hadn't enabled the Youtube Analytics API for the default/demo credentials in the oAuthPlayground, which is now enabled, see the accepted answer in the link
https://stackoverflow.com/a/33462959/2473413

Resources